Impersonation not working.

[Durkin]

Hi. I'm using 2.0 and IIS5. I've set the anonymous account in IIS to use a domain account I set up and impersonate=true in the config file. I've also disabled integrated authentication. However, my application is still trying to access the database using the aspnet account. This is a new release to an existing application which was working fine with impersonation.

Any ideas.

Durkin

 

[vbkris]

hmm,

just a confirmation. you are using only windows authentication right?

in that case why do you want to enable anonymous authentication at all???

Known is handfull, Unknown is worldfull

 

[Durkin]

I want my application to use the anonymous account I have set up to access the database not the credentials of the user who is accessing the application. I have disabled integrated authentication in IIS.

Durkin

 

[vbkris]

aha,

but this is strage,

normally when you set "impersonate=true" it uses the account of the user who has logged in.
[quoute MSDN]
To impersonate the Microsoft Internet Information Services (IIS) authenticating user on every request for every page in an ASP.NET application, you must include an <identity> tag in the Web.config file of this application and set the impersonate attribute to true. For example:
[/quoute]

http://support.microsoft.com/kb/306158

why not setup a SQL Server account to access the DB (i am assuming that this is the SQL Server is the DB)???

Known is handfull, Unknown is worldfull

 

[Durkin]

IIS will authenticate the user logged in if integrated security is being used. Otherwise it should use the anonymous user account if it is set up. I'm not using integrated security.

Durkin

 

[vbkris]

>>Otherwise it should use the anonymous user account if it is set up. I'm not using integrated security.

now i am confused. are you using windows authentication or forms authentication?

if you are using windows authentication then for the authenticated pages, execution will happen under the logged in user's account (if impersonation is set to true). the impersonation is done by the ASPNET process and not by IIS.

other pages will use the anonymous user account to execute the pages...

Known is handfull, Unknown is worldfull

 

[Durkin]

I'm not using either windows authentication or forms authentication. Another option for accessing iis is to allow anonymous access. This is how most internet (as opposed to intranet) sites using iis are configured. It allows unauthenticated users to browse the site. An anonymous user account is specified which the site will use to access resources.

Durkin

 

[vbkris]

>>I'm not using either windows authentication or forms authentication. Another option for accessing iis is to allow anonymous access

great! then why are you setting "impersonate=true"?

like you said since you are not authenticating at all the aspnet process will use the default IIS anonymous user by default when it executes its pages.

try removing impersonation...



Known is handfull, Unknown is worldfull

 

[Durkin]

Impersonation will make the application run as the anonymous user rather than the default which is the aspnet user.

Durkin

 

[vbkris]

>>Impersonation will make the application run as the anonymous user rather than the default which is the aspnet user.

hi dorkin,

this i got to check. because when we develop in our local machine we always set the IUSR account as the anonymous user. we also have the aspnet account in place. we never set the impersonation option.

when we disable the anonymous user we get the standard windows authentication dialogue (even though aspnet is active)...

Known is handfull, Unknown is worldfull

 

[Durkin]

Check this out:

http://www.dotnet-guide.com/impersonation.html

IIS performs authentication. If anonymous access is allow then no authentication is perform and the request is passed to the asp.net app using the anonymous account set up. ASP.NET then treats it as a normal request ie. if impersonate is set to true it will run the request under the account from which it was made.

Durkin